[MacPorts] #56425: p7zip: CVE-2018-10115: Arbitrary code execution via crafted RAR archives
MacPorts
noreply at macports.org
Thu May 3 23:02:08 UTC 2018
#56425: p7zip: CVE-2018-10115: Arbitrary code execution via crafted RAR archives
----------------------+--------------------
Reporter: raimue | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Keywords: security | Port: p7zip
----------------------+--------------------
A vulnerability was found in the code handling RAR archives in 7zip that
allows to execute arbitrary code. This is likely also exploitable in p7zip
@16.02. The bug has been fixed in the Windows variant of 7-Zip in version
18.05, but there was no new release for the p7zip code. No patches for
p7zip are available as of this writing.
* https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-
code-execution/
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10115
--
Ticket URL: <https://trac.macports.org/ticket/56425>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list